[Samba] Fwd: ntlm_auth and freeradius

Kees van Vloten keesvanvloten at gmail.com
Mon Apr 3 15:40:22 UTC 2023

On 03-04-2023 17:18, Tim ODriscoll wrote:
> Hi Kees,
> I assume you deployed the wifi profile via GPO?
> I wonder if I've got that part wrong, although seeing as I'm getting 
> to the ntlm_auth prompt with the correct machine name format (with the 
> $ at the end)?
> Tim
If you have doubts about the user, you add to /etc/samba/smb.conf on the 
domain controllers:

log level = 3 auth_json_audit:3@/var/log/samba/audit.log

The audit.log will tell you exactly who tried what and the result. Very 
helpful :-)

As for the wlan profile I use a local xml-file deployed by Ansible and a 
script to switch between lan and wlan while keeping the same ip-address.

The wlan profile.xml does not specify the machine name but it is what 
windows will try first. You can try without a GPO to setup the wlan 
connection manually and you will see it tries the machine credentials 
before it prompts you to supply any credentials.

- Kees.

More information about the samba mailing list